From 2c133b1870238e0b995a7e5229512106358370fe Mon Sep 17 00:00:00 2001
From: Rohan Kumar <seirdy@seirdy.one>
Date: Sat, 6 Aug 2022 19:00:12 -0700
Subject: [PATCH] New note: alternative textual browsers

---
 content/notes/alternative-textual-browsers.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 content/notes/alternative-textual-browsers.md

diff --git a/content/notes/alternative-textual-browsers.md b/content/notes/alternative-textual-browsers.md
new file mode 100644
index 0000000..1469783
--- /dev/null
+++ b/content/notes/alternative-textual-browsers.md
@@ -0,0 +1,10 @@
+---
+title: "Alternative textual browsers"
+date: 2022-08-06T19:00:03-07:00
+---
+I've used [many textual browsers]({{<relref "/meta/site-design.md#compatibility-statement">}}), but I'm interested in more hardened options. Browsers parse untrusted content from the Internet but no textual browsers employ sandboxing, continuous fuzzing, or other security measures. Check CVEs for Lynx or w3m and you'll see what I mean.
+
+I'm also looking at alternatives to [my w3m-sandbox script](https://git.sr.ht/~seirdy/bwrap-scripts/tree/trunk/item/w3m-sandbox) to show HTML emails. Pandoc with `commonmark-raw_html` output is an option; Haskell seems like a better choice than un-fuzzed C for this. I'd like a more battle-hardened library for networking, like libcurl (used in Edbrowse).
+
+I considered [Offpunk](https://notabug.org/ploum/offpunk), which uses Readability to extract articles. I'd rather pipe [rdrview](https://github.com/eafer/rdrview) output to w3m-sandbox. rdrview does some sandboxing, and sanitizes input to a subset of HTML.
+